<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">I'm not sure how useful this may be,
but these may also be suitable in certain environments<br>
<br>
simplest:<br>
touch /etc/nologin<br>
<br>
and, similarly granular to the option below you could edit:<br>
(Ubuntu / Debian file location)<br>
/etc/security/access.conf<br>
<br>
Pete<br>
<br>
</div>
<blockquote
cite="mid:CAHdpx633+d+cwHuvjXPudHhFnqM0zqdGrtMXMBmpbYC-tQBb7g@mail.gmail.com"
type="cite">
<div dir="ltr">I am a novice when it comes to how clusters work.
but i did find this feature useful.
<div><br>
</div>
<div>
<h1>Specify Which Accounts Can Use SSH</h1>
<span></span><span></span>
<p>You can explicitly allow or deny access for certain users
or groups. For example, if you have a family PC where most
people have weak passwords, you might want to allow SSH
access just for yourself. <span></span><span></span></p>
<p>Allowing or denying SSH access for specific users can
significantly improve your security if users with poor
security practices don't need SSH access. <span></span><span></span></p>
<p><em>It's recommended to specify which accounts can use SSH
if only a few users want (not) to use SSH.</em> <span></span><span></span></p>
<p>To allow only the users <tt>Fred</tt> and <tt>Wilma</tt>
to connect to your computer, add the following line to the
bottom of the <tt>sshd_config</tt> file: <span></span><span></span></p>
<div>
<table>
<tbody>
<tr>
<td>
<p><strong><tt>AllowUsers Fred Wilma</tt></strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<span></span><span></span>
<p>To allow everyone except the users <tt>Dino</tt> and <tt>Pebbles</tt>
to connect to your computer, add the following line to the
bottom of the <tt>sshd_config</tt> file: <span></span><span></span></p>
<div>
<table>
<tbody>
<tr>
<td>
<p><strong><tt>DenyUsers Dino Pebbles</tt></strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<span></span><span></span>
<p>It's possible to create very complex rules about who can
use SSH - you can allow or deny specific groups of users, or
users whose names match a specific pattern, or who are
logging in from a specific location. For more details about
how to create complex rules, see the <a
moz-do-not-send="true"
href="http://manpages.ubuntu.com/manpages/hardy/man5/sshd_config.5.html"
target="_blank">sshd_config man page</a></p>
<p><br>
</p>
<p>this is from the ubuntu documentation but it might prove
useful and can be found <a moz-do-not-send="true"
href="https://help.ubuntu.com/community/SSH/OpenSSH/Configuring">here</a>
.</p>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Jul 23, 2013 at 1:16 PM,
Hearns, John <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:john.hearns@mclaren.com" target="_blank">john.hearns@mclaren.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div> <br>
<br>
John can't you do that with a feature in ssh called
Deny users and specify the user name or that wouldnt
work in a cluster environment.<br>
<br>
<br>
<br>
</div>
I must admit that I am not running this in the context
of an MPI style cluster.<br>
I am configuring nodes for interactive logins using the
batch system to allocate the login sessions (interactive
jobs)
<div><br>
<br>
<br>
<br>
The contents of this e-mail are confidential and for
the exclusive use of the intended recipient. If you
are not the intended recipient you should not read,
copy, retransmit or disclose its contents. If you have
received this email in error please delete it from
your system immediately and notify us either by email
or telephone.
The views expressed in this communication may not
necessarily be the views held by McLaren Racing
Limited. <br>
McLaren Racing Limited | McLaren Technology Centre |
Chertsey Road | Woking | Surrey | GU21 4YH | UK |
Company Number: 01517478 </div>
</div>
<br>
_______________________________________________<br>
Beowulf mailing list, <a moz-do-not-send="true"
href="mailto:Beowulf@beowulf.org" target="_blank">Beowulf@beowulf.org</a>
sponsored by Penguin Computing<br>
To change your subscription (digest mode or unsubscribe)
visit <a moz-do-not-send="true"
href="http://www.beowulf.org/mailman/listinfo/beowulf"
target="_blank">http://www.beowulf.org/mailman/listinfo/beowulf</a><br>
<br>
</blockquote>
</div>
<br>
<br clear="all">
<div><br>
</div>
-- <br>
Jonathan Aquilina
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Beowulf mailing list, <a class="moz-txt-link-abbreviated" href="mailto:Beowulf@beowulf.org">Beowulf@beowulf.org</a> sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit <a class="moz-txt-link-freetext" href="http://www.beowulf.org/mailman/listinfo/beowulf">http://www.beowulf.org/mailman/listinfo/beowulf</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
---
Dr Peter Clapham, Informatics Systems Group
The Wellcome Trust Sanger Institute, Cambs, CB10 1SA
Tel: +44 (0)1223 834244 x 6972</pre>
<br>
--
The Wellcome Trust Sanger Institute is operated by Genome Research
Limited, a charity registered in England with number 1021457 and a
company registered in England with number 2742969, whose registered
office is 215 Euston Road, London, NW1 2BE.
<br>
</body>
</html>